Markus Lottmann

**Name of the Vulnerable Software and Affected Versions** Libav versions 0.5.x through 0.5.8 Libav versions 0.6.x through 0.6.5 Libav versions 0.7.x through 0.7.5 Libav versions 0.8.x through 0.8.1 **Description** The issue is related to a heap-based buffer overflow in the `vqa decode chunk` function within the VQA codec of libavcodec. This can be triggered by remote attackers using a crafted VQA media file where the image size is not a multiple of the block size, potentially leading to a denial of service or arbitrary code execution. **Recommendations** For Libav versions 0.5.x through 0.5.8, update to version 0.5.9 or later. For Libav versions 0.6.x through 0.6.5, update to version 0.6.6 or later. For Libav versions 0.7.x through 0.7.5, update to version 0.7.6 or later. For Libav versions 0.8.x through 0.8.1, update to version 0.8.2 or later.